Apologies for the delay. I think from now on, I'll be running these scans exclusively in Safe Mode (unless instructed otherwise, of course). ComboFix took much longer than the 10 minutes it mentioned, and crashed after a reboot - the screen turned into a bunch of thin tan bars.

The good news is that the Recovery Console appears to have been installed successfully, and ComboFix ran just fine in Safe Mode.

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::

Yeah, that should be safe. That's a little code I was messing around with. Also, I use Firefox as my default browser. I rarely use IE, and I know I set that value.

Also another thing, before I forget, I have Windows Update set up to download and wait for me to give the go ahead to install. Apparently an update downloaded and I see the little yellow shield in the task bar indicating it's ready to go, even when I'm not connected. Once we're done here, do you think that will be safe to run, and is there some way to reset that in case it's been infected? (Or perhaps this is still the malware pretending to be Windows Update?)

Wow, this scan is taking forever. Hopefully I'll have those logs for you soon.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.

If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.

In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:

IAT/EAT

Drives/Partition other than Systemdrive (typically C:\)

Show All (don't miss this one)

Then click the Scan button & wait for it to finish.

Once done click on the [Save..] button, and in the File name area, type in "ark.txt"

Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your post.

Is there an alternative to this tool? It keeps crashing when I run it in normal mode (even blue-screened once), and the screen is too large for me to see the buttons below the scan button when I run it in safe mode. (Yeah, this laptop has a pretty small screen. Nice for portability, terrible right now.) Or perhaps there's a version of the tool that's sized down for smaller screens? Argh!

Yeah, I was worried I might have some sort of rootkit thing going on too. But try, and try again, I couldn't get GMER to run successfully - I even let it go for something like 3 hours, and by the end of it, my machine was barely responsive, and the GMER window was completely blanked out.